MidnightBSD

Advisories for fronius

CVE-2019-19228 MEDIUM

Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,

Products Affected

Vendor Product Version
fronius primo_8.2-1_208-240_firmware *
fronius symo_10.0-3-m_firmware *
fronius primo_3.0-1_firmware *
fronius symo_10.0-3_480_firmware *
fronius symo_12.5-3_480_firmware *
fronius primo_5.0-1_208-240_firmware *
fronius symo_10.0-3-m-os_firmware *
fronius primo_4.6-1_firmware *
fronius primo_3.5-1_firmware *
fronius symo_advanced_24.0-3_480_firmware *
fronius primo_5.0-1_sc_firmware *
fronius symo_4.5-3-m_firmware *
fronius eco_25.0-3-s_firmware *
fronius symo_hybrid_4.0-3-m_firmware *
fronius symo_15.0-3-m_firmware *
fronius primo_3.6-1_firmware *
fronius primo_6.0-1_firmware *
fronius datamanager_box_2.0_firmware *
fronius primo_3.8-1_208-240_firmware *
fronius symo_12.5-3-m_firmware *
fronius symo_hybrid_5.0-3-m_firmware *
fronius symo_15.0-3_107_firmware *
fronius symo_3.0-3-s_firmware *
fronius symo_24.0-3_480_firmware *
fronius symo_advanced_20.0-3_480_firmware *
fronius symo_20.0-3_480_firmware *
fronius symo_advanced_15.0-3_480_firmware *
fronius primo_10.0-1_208-240_firmware *
fronius primo_4.0-1_firmware *
fronius symo_3.0-3-m_firmware *
fronius galvo_2.5-1_firmware *
fronius symo_20.0-3-m_firmware *
fronius primo_12.5-1_208-240_firmware *
fronius symo_3.7-3-s_firmware *
fronius primo_11.4-1_208-240_firmware *
fronius galvo_3.1-1_firmware *
fronius symo_advanced_10.0-3_208-240_firmware *
fronius symo_12.0-3_208-240_firmware *
fronius galvo_2.5-1_208-240_firmware *
fronius primo_7.6-1_208-240_firmware *
fronius eco_27.0-3-s_firmware *
fronius symo_10.0-3_208-240_firmware *
fronius symo_6.0-3-m_firmware *
fronius symo_advanced_22.7-3_480_firmware *
fronius symo_8.2-3-m_firmware *
fronius galvo_2.0-1_208-240_firmware *
fronius primo_8.2-1_firmware *
fronius primo_5.0-1_aus_firmware *
fronius symo_7.0-3-m_firmware *
fronius galvo_3.0-1_firmware *
fronius symo_17.5-3_480_firmware *
fronius galvo_2.0-1_firmware *
fronius primo_6.0-1_208-240_firmware *
fronius symo_hybrid_3.0-3-m_firmware *
fronius galvo_3.1-1_208-240_firmware *
fronius primo_15.0-1_208-240_firmware *
fronius galvo_1.5-1_firmware *
fronius galvo_1.5-1_208-240_firmware *
fronius symo_4.5-3-s_firmware *
fronius symo_15.0-3_480_firmware *
fronius symo_advanced_12.0-3_208-240_firmware *
fronius symo_17.5-3-m_firmware *
fronius symo_22.7-3_480_firmware *
fronius symo_3.7-3-m_firmware *
fronius primo_5.0-1_firmware *
fronius symo_5.0-3-m_firmware *
CVE-2019-19229 MEDIUM

admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
fronius primo_8.2-1_208-240_firmware *
fronius symo_10.0-3-m_firmware *
fronius primo_3.0-1_firmware *
fronius symo_10.0-3_480_firmware *
fronius symo_12.5-3_480_firmware *
fronius primo_5.0-1_208-240_firmware *
fronius symo_10.0-3-m-os_firmware *
fronius primo_4.6-1_firmware *
fronius primo_3.5-1_firmware *
fronius symo_advanced_24.0-3_480_firmware *
fronius primo_5.0-1_sc_firmware *
fronius symo_4.5-3-m_firmware *
fronius eco_25.0-3-s_firmware *
fronius symo_hybrid_4.0-3-m_firmware *
fronius symo_15.0-3-m_firmware *
fronius primo_3.6-1_firmware *
fronius primo_6.0-1_firmware *
fronius datamanager_box_2.0_firmware *
fronius primo_3.8-1_208-240_firmware *
fronius symo_12.5-3-m_firmware *
fronius symo_hybrid_5.0-3-m_firmware *
fronius symo_15.0-3_107_firmware *
fronius symo_3.0-3-s_firmware *
fronius symo_24.0-3_480_firmware *
fronius symo_advanced_20.0-3_480_firmware *
fronius symo_20.0-3_480_firmware *
fronius symo_advanced_15.0-3_480_firmware *
fronius primo_10.0-1_208-240_firmware *
fronius primo_4.0-1_firmware *
fronius symo_3.0-3-m_firmware *
fronius galvo_2.5-1_firmware *
fronius symo_20.0-3-m_firmware *
fronius primo_12.5-1_208-240_firmware *
fronius symo_3.7-3-s_firmware *
fronius primo_11.4-1_208-240_firmware *
fronius galvo_3.1-1_firmware *
fronius symo_advanced_10.0-3_208-240_firmware *
fronius symo_12.0-3_208-240_firmware *
fronius galvo_2.5-1_208-240_firmware *
fronius primo_7.6-1_208-240_firmware *
fronius eco_27.0-3-s_firmware *
fronius symo_10.0-3_208-240_firmware *
fronius symo_6.0-3-m_firmware *
fronius symo_advanced_22.7-3_480_firmware *
fronius symo_8.2-3-m_firmware *
fronius galvo_2.0-1_208-240_firmware *
fronius primo_8.2-1_firmware *
fronius primo_5.0-1_aus_firmware *
fronius symo_7.0-3-m_firmware *
fronius galvo_3.0-1_firmware *
fronius symo_17.5-3_480_firmware *
fronius galvo_2.0-1_firmware *
fronius primo_6.0-1_208-240_firmware *
fronius symo_hybrid_3.0-3-m_firmware *
fronius galvo_3.1-1_208-240_firmware *
fronius primo_15.0-1_208-240_firmware *
fronius galvo_1.5-1_firmware *
fronius galvo_1.5-1_208-240_firmware *
fronius symo_4.5-3-s_firmware *
fronius symo_15.0-3_480_firmware *
fronius symo_advanced_12.0-3_208-240_firmware *
fronius symo_17.5-3-m_firmware *
fronius symo_22.7-3_480_firmware *
fronius symo_3.7-3-m_firmware *
fronius primo_5.0-1_firmware *
fronius symo_5.0-3-m_firmware *
CVE-2023-37621

An issue in Fronius Datalogger Web v.2.0.5-4, allows remote attackers to obtain sensitive information via a crafted request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
fronius datalogger_web 2.0.5-4